Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5096
Views
5
Helpful
4
Replies

Real time FTD logging for troubleshooting similar to ASDM

babiojd01
Level 1
Level 1

‎04-02-2020 09:51 AM

HI Community, i am curious how everyone else is handling the realtime logging of FTD traffic to assist in troubleshooting a deployment? We already have a siem but I am more interested in the immediate feedback like ASDM gave you. My initial thought was local syslog server installed on your pc. I then thought it might be easier to use a central server that everyone has access to in order to see real time logs.

1 person had this problem
0 Helpful
4 Replies 4

balaji.bandi
Hall of Fame
Hall of Fame

‎04-02-2020 10:29 AM

How are you managing FTD using FMC, if your Access rule enabled the Logging, you can view real time on FMC ?

 

https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/200479-Configure-Logging-on-FTD-via-FMC.html#anc8

 

you can also do with FDM :

 

https://www.cisco.com/c/en/us/td/docs/security/firepower/620/fdm/fptd-fdm-config-guide-620/fptd-fdm-monitor.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

babiojd01
Level 1
Level 1
In response to balaji.bandi

‎04-02-2020 11:27 AM

I meant more so that permit deny behavior that ASDM gave you in the asdm log viewer. It would be managed by an FMC not FDM.

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to babiojd01

‎04-03-2020 07:23 AM

From FMC you can view the Log events, not as expected like ASDM, it was small delay that was designed to work for now.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

giovanni.augusto
Level 1
Level 1

‎04-02-2020 12:42 PM

Hi,

 

I think this is a very good question, even if it's true that there are other options to inspect logs it's also true that these methods are not as immediate as ASDM real time view is.

Also connection events in FMC are not realtime and FMC is much slower than ASDM and the question is about troubleshooting so it means you need something fast like 1...2...3 check :)

 

I wish there would be an option for local log view directly on the FTD, just to offload the FMC

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card